Various computing devices are accessible over public communication networks, such as the Internet. While such access provides numerous opportunities to organizations utilizing such networks, it also presents substantial risk. For example, denial-of-service (DoS) attacks have become a common way of overloading the capacity of organizations' systems. A DoS attack may involve one or more computers submitting multiple requests to at least one computing resource, such as a Web server, in order to fully occupy the server's capacity, thereby preventing the server from responding to legitimate requests in a timely manner, if at all. For many organizations, such as organizations utilizing the Internet to service customers, preventing servers from responding to legitimate requests can cause significant harm to costs, revenue, and customer goodwill, among other potential problems. Not only is a DoS victim prevented from servicing customers, but the victim may also be responsible for costs to Internet service providers (ISPs) for the increased network traffic attributable to DoS attacks.
As networks such as the Internet have scaled up in capacity, it has become increasingly expensive for conventional. DoS attackers. For example, an attacker attempting to disable a website with 10 Gbit/sec. of network capacity will have to generate 10Gbit/sec. of inbound network traffic. Accordingly, attackers have adjusted the way in which such attacks are carried out. One such type of attack is referred to as a “trickle attack” or “HTTP trickle attack,” wherein the number of concurrently available connections is exhausted instead of the processing capacity. A large number of connections is made to a Web server and a continuous stream of headers (e.g., short. HTTP headers) sent at regular, but substantially long, intervals, such as every thirty seconds. Such an approach is much less expensive for the attacker than a conventional DoS attack, but can quickly tie up the number of connections or request processors for the Web server or other such system or service. One approach to mitigating these types of attacks is to use shorter timeout periods for incoming requests. Such an approach can be undesirable in many situations, however, as customers using devices such as smart phones or tablet computers with weak or spotty cellular connections may not be able to have requests completed within the timeout period, which can frustrate customers can cost the providers business.